Ideas for tracking Authz changes in a repo

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Ideas for tracking Authz changes in a repo

Paul Hammant-3
One thing I need to be able to do in the near term is track when authz settings change for a user (or groups).

It'd be great if Svn had the authz file (optionally) under source control. I'd be happy with

1) a robot user performs a copy of the file from its canonical location and automatic commit of the authz file into <root>/.authz. And perhaps that would have permissions such that ordinary users cannot see it.

2) the configuration of the authz side of Svn (optionally) can be canonically located at <root>/.authz (same notes as to hidden, itself)

3) something else - advice welcome!

Re #1, I could engineer a Jenkins job to perform the commits, but the config changing isn't in the classic trigger system.

Regards,

- Paul

Reply | Threaded
Open this post in threaded view
|

Re: Ideas for tracking Authz changes in a repo

Mark Phippard-3
On Tue, Nov 28, 2017 at 8:55 AM, Paul Hammant <[hidden email]> wrote:
One thing I need to be able to do in the near term is track when authz settings change for a user (or groups).

It'd be great if Svn had the authz file (optionally) under source control. I'd be happy with


That feature was added in SVN 1.8:



--
Reply | Threaded
Open this post in threaded view
|

Re: Ideas for tracking Authz changes in a repo

Paul Hammant-3
Thanks for this Marc. I'll go ahead and play with it to learn it capabilities and (hopefully few) snags.

- Paul
Reply | Threaded
Open this post in threaded view
|

Re: Ideas for tracking Authz changes in a repo

Paul Hammant-3
s/Marc/Mark/ sorry ... I've been dealing with a fellow with the other spelling today in work.
Reply | Threaded
Open this post in threaded view
|

Re: Ideas for tracking Authz changes in a repo

Stefan Fuhrmann
In reply to this post by Paul Hammant-3
On 29.11.2017 18:40, Paul Hammant wrote:
> Thanks for this Marc. I'll go ahead and play with it to learn it capabilities
> and (hopefully few) snags.

In 1.10 and for svn:// since 1.9, in-repository authz can be a lot
faster than file-based authz.  The reason is that repositories
provide O(1) update checks on the authz contents, making cache
validity checks very efficient for large authz specs.

-- Stefan^2.